-
Notifications
You must be signed in to change notification settings - Fork 665
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dokan does not pass the full range of dwFlagsAndAttributes to the DOKAN_OPERATIONS.CreateFile callback #83
Comments
You are right. Driver passes all correct to usermode dll splittet into CreateOptions and FileAttributes. FileAttributes are used but CreateOptions not really. CreateOptions are just used to get the createDisposition and to set the delete on close. Your expectations is that FileAttributes contains also all the flags set in the CreateOptions or a new parameter is need? What is the actual flag you are missing? In generally all flags should be passed to the call back method. |
My expectation is that in the user mode call to |
Reading more about |
If too much informations are lost in the current |
OK I can take care of this once I finish #79 as I would like both of these issues to be resolved for the next release. |
Hello @Corillian & @billziss-gh, You have both proposed a pull request for the same purpose but in different implementation. billziss-gh seems to be the same as Corillian but without the lpSecurityAttributes that he have prefer to keep empty.
I agree that DOKAN_IO_SECURITY_CONTEXT is complex but, if we keep it, will it be usefull in the futur ? or would we need to rewrite it anyway ? And also bill has not override the CreateFile, but propose a CreateFileEx, that's really something I like ! Corillian has created DokanMapKernelToUserCreateFileFlags that I would like to keep in any case to help the dev. I am saying this because you have made both a great work and you have both good ideas. It would be great if you could both work together to have one proposition. |
@Liryna we had discussed the possibility of adding a separate function above. I suggested the name As for the I say we do the right thing now so that we don't have to worry about it in the future. I can fix up the |
Hello, Liryna and Corillian: I wrote my PR a couple of days ago for a few reasons:
Furthermore I reviewed Corillian's PR and I found what IMO are some concerns:
Regarding the Reserved security descriptor in my PR: this is currently reserved and will always be zero. The intent is to (minimally) modify the driver to pass the security descriptor, so that it can be attached to newly created files. This change will happen in the near future. [But not in the same PR.] |
Addressing @billziss-gh's concerns:
I don't see the point in having a reserved parameter when you know you're going to need to solve that problem anyway. |
Re: 1. I understand that it is not an issue for you. But it may be for other file system implementors. |
|
Thanks for the documentation pointers. To clarify I am aware of the IO_SECURITY_CONTEXT and ACCESS_STATE documentation, but that does not make me much wiser on what to do with them. Perhaps I am in the minority. In any case I have registered my concerns and my reasons for creating the alternative PR. |
If it helps, let me say that I think ALL we know that Dokan was left in a state that was not production-ready which means that MAJOR changes have to be made to take it to the desired point. IMHO this means that breaking API changes are probably inevitable but, most important, it's better to make them now than later. And trying to simplify complex things in a way that gives a "handicapped" solution in my experience is not a good way. It's better to be able to address the full complexity of the problem, but provide "simplified paths" for the common use cases as you all are already trying to provide in your PRs. It would be great to have all the power of your solutions together in Dokany as @Liryna is asking for. Keep the good work and thank you for your efforts! PS: I'm sorry I don't have the skills nor the knowledge to help with the code as I would wish. |
Thank you @billziss-gh, @Corillian & @xgid for all your inputs ! So I think we all agree that:
If what I wrote is ok for everyone: |
I believe the name ZwCreateFile is misleading. Here is what the real ZwCreateFile prototype looks like:
My opinion is that if we are changing the API, we should also purge CreateDirectory and OpenDirectory. [EDIT: just reread @Liryna's message and saw she is already saying that CreateDirectory, OpenDirectory should be purged. Apologies for missing that.] The NTSTATUS checker should be cleaned up. It is currently overcomplicated. It should be a simple mapping between the CreateDisposition and the corresponding NTSTATUS to return. Along the lines of:
STATUS_OBJECT_NAME_COLLISION should not be handled specially. I note that ERROR_ALREADY_EXISTS is added by the Win32 CreateFileW using a test along the lines of:
SL_OPEN_TARGET_DIRECTORY is not handled properly. For one thing, we should return FILE_EXISTS, FILE_DOES_NOT_EXIST based on whether the original pointed file exists (not the target directory). In my tests with MoveFileExW everything worked when setting the information code to FILE_OPENED though. The information codes FILE_EXISTS and FILE_DOES_NOT_EXIST are not used except in the case of SL_OPEN_TARGET_DIRECTORY. Confirmed on Fastfat and NTFS. Also for consideration: eventInfo need not be a malloc allocation. This seems superfluous (unless I am missing something) Regarding winfstest: It is located at https://bitbucket.org/billziss/secfs.test, subdirectory winfstest. I have it under a BSD license, i.e. up for grabs. It requires Python (2.7) to run. It can run on both Windows and Cygwin Python. Change to the drive/directory you wish to test and use run-winfstest.bat on Windows and run-winfstest (shell script) on Cygwin. There are only a few number of tests currently, but they exercise a fair amount of the Dokan API. All tests pass on NTFS. Many tests fail on mirror.exe and most pass on my own file system. Handling ShareAccess is a particular sticky point (I believe @Liryna you have said that these should and will be handled at the driver level and I agree with you). I would expect that we would need about 10 times as many tests to have a comprehensive test suite though. |
@billziss-gh it's required for handling access rights, security, and auditing for the ZwCreateFile operation. The links I provided give additional information on what that means and why you would need it. I don't see how using I don't think Dokan should handle ShareAccess unless it's something that can optionally be disabled. My driver needs to handle ShareAccess itself though I can imagine that's uncommon. Any modifications to the NTSTATUS handling and ShareAccess should probably be performed under a separate Issue/PR. @Liryna Ok I shall rename I'll also update my |
Understood. I do not believe I have anything else to add as I do not believe any input is taken into consideration anyway. |
@billziss-gh , I consider everything proposition. Removing CreateDirectory & OpenDirectory is one of your. But quickly: I am totally open to discuss about NtStatus. I agree that NtStatus is a big mess for now in dispatchcreate and it need to be changed. It is such part of the code that hard to change without breaking everything. But now that there is winfstest, we can rewrite this part from 0 and test it ! About ZwCreateFile name, it is right that it is not going to be exactly ZwCreateFile but since NtCreateFile documentation say : I also think eventInfo should not be dynamically allocated. And I am sure there is a lot of such in all dokan 😢 About winfstest, it is a great news! Appveyor have normally python installed. So I will add it in the futur. About ShareAccess, @Corillian , I also think that it have to be optional when it gonna be made. |
@Liryna to clarify: my disagreement is with @Corillian and not you. Re: winfstest. Perhaps we should open a new issue to discuss that as to not pollute this thread? The mirror passes all ShareAccess tests, but only by accident. It simply forwards them back to Win32, which of course handles ShareAccess properly. There are a few other tests, but most have to do with wrong status codes returned, so easily fixable. There is also a more important failure about DeleteFile.
For what it's worth the proposed NTSTATUS checking does not break any of the winfstest tests. |
@billziss-gh Thank for the feed back ! |
Hi Liryna. I agree with all 4 points. On 10/29/2015 7:03 AM, Liryna wrote:
|
Added audit info to DOKAN_ACCESS_STATE The SECURITY_DESCRIPTOR passed to the user mode driver is now created using SeAssignSecurity(). NOTE: It does not inherit the security of its parent since the kernel mode driver doesn't keep track of that. We will likely need a callback into the user mode driver to get this information. Fixed memory corruption caused by a race condition in GetRawDeviceName()
#91 has been merged |
User mode
CreateFile()
combines flags and attributes into a single 32-bit value calleddwFlagsAndAttributes
however it gets split between two parameters,FileAttributes
andCreateOptions
, whenCreateFile()
gets translated into its kernel mode equivalentZwCreateFile()
. Dokan.dllDispatchCreate()
does not translate the kernel modeZwCreateFile()
CreateOptions
back into their user modeCreateFile()
dwFlagsAndAttributes
equivalents which results in these values being lost.The text was updated successfully, but these errors were encountered: